Cyber threat prevention or remediation is typically very “reactive” in that cyber attacks happen, expose a vulnerability, and in response thereto, a new defense is devised and then distributed. Many techniques for cyber threat prediction or detection rely on determining an entry point and a goal for the threat. Some common cyber threat analysis tools, such as Security Information Event Management (STEM) systems, use a rule set that specifies conditions that, when met, indicate that a cyber threat exists. If one of the conditions in the rule set is not met, or there is a departure from what the rule set defines, then the analysis tools will not detect that a cyber threat exists.